Mexico. Botnets pose a great danger because their operators are able to use a network of infected computers to perform virtually any task, and harm the users of the infected computers and third parties.
They do this by sending spam, distributing hoaxes and threats hidden in attachments, or executing distributed denial of service (DDoS) attacks. ESET, a proactive threat detection company, analyzes the case of Mirai and home electronic devices.
"There is a silent threat in front of our eyes and one that often goes unnoticed. Victims, in general, do not even know they were infected, and attackers have a success rate very close to 100%," warns Camilo Gutiérrez Amaya, Head of the Research Laboratory at ESET Latin America.
A DDoS (distributed denial of service) attack attempts to overwhelm the processing capacity of its targets by saturating them with requests.
In August 2016 a botnet was discovered that, only a couple of months later, would surprise the whole world with a DDoS attack. The sustained DDoS attack against Dyn, a Domain Name System service provider, caused outages at sites and services of various kinds: Twitter, Airbnb, Reddit, Amazon, SoundCloud, Spotify, Netflix and PayPal, among many others. That wasn't the only big hit of the Mirai botnet that year: OVH, the French web hosting company, suffered significant disruptions to its services and those of its customers, and the attack reached record DDoS traffic for the time, exceeding 1.1 terabits per second.
What sets the Mirai botnet apart is that its large network was made up of internet-connected digital devices (IoT, the Internet of Things) that were infected because they had no protection, were poorly configured or had weak passwords.
Home routers, video recorders, surveillance cameras and any other type of smart device were exploited by Mirai to perpetrate its attacks. It is estimated that this botnet was composed of more than 600,000 smart home devices connected to the internet.
That wasn't all: Mirai's source code was posted on open-source forums, which resulted in this technique being used in other malware projects. In fact, during 2023 there were several attacks in which some of its variants were used.
"Anyone who installs a router, a camera, a TV or any other IoT device and does not change the default password is making it easier for cybercriminals to carry out these types of attacks.
Why? It happens that those who carry out DDoS attacks have knowledge of the default passwords of many IoT devices and, if the fateful October 21, 2016 taught us anything, it is that anything that connects to the Internet poses a risk," concludes Gutiérrez Amaya, from ESET Latin America.
What can be done about it? ESET shares the following recommendations:
- Treat IoT devices the same way as a personal computer and take the same care, such as immediately changing the default password and regularly checking for security patches.
- Use the HTTPS interface whenever possible and, when the device is not in use, turn it off. If it supports other connection protocols that are not in use, it is best to disable them.